CVE-2023-41078Incorrect Authorization in Apple Macos

CWE-863Incorrect AuthorizationCWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 90.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple Macos Sonoma
Timeline
PublishedSep 27
Latest updateApr 18

Description

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5apple/macosunspecified14
NVDapple/macos< 14.0

🔴Vulnerability Details

2
GHSA
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path2026-04-18
GHSA
GHSA-r2x6-4xhx-p3qc: An authorization issue was addressed with improved state management2023-09-27

📋Vendor Advisories

1
Apple
CVE-2023-41078: macOS Sonoma 142023-09-26